XF 1.2 New install, issues with pwd hash and workarounds


Active member
So I had actually discovered this issue with my current SMF forum a year or so ago but did a workaround and forgot about it. I'm a bit worried for XenForo though due to it being more updated for PHP.

When I try to install XenForo on my host after created the DB and user, I receive this error:

mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file
The CPanel on my host doesn't create newer mysql hashed passwords and since I don't have admin level access to my phpmyadmin nor any kind of CLI I can't set the password for the user to re-create the hash.

My previous workaround was to add this to .htaccess in the root of the forum software:

AddHandler application/x-httpd-php52 .php5 .php4 .php .php3 .php2 .phtml
AddType application/x-httpd-php52 .php5 .php4 .php .php3 .php2 .phtml
I'm wondering if this forces the application to use PHP 5.2 instead of the installed 5.3 and will that cause any issues with XenForo? At work I know of the significant changes in 5.3 which broke some of my code and I had to do several updates to the structure but I don't believe I've done any specific 5.3+ code on my personal sites before and thus not sure of the above workarounds effect.

The support department for the host asked for the connection string or PHP file I'm using but I've very new to XenForo (1 day) so I'm completely unfamiliar with the code base and what to provide them. I rather like the host, they've been doing quite well for me over the years and they're decently priced but if I need to move to another host I will do so, especially as my new sites I'll be using PHP 5.3+ functions.


Active member
And this was the response from the host last time I had this issue. So basically their PHP isn't compatible with their MySQL version if I use MySQLi?

I have reviewed several files and noticed that you are using MySQLi within as a database driver instead of MySQL. While MySQLi works perfectly with PHP 5.2 and the current MySQL version which was upgraded recently it does not work properly with PHP 5.3 and the current MySQL version which is why to correct such issues the code needs to be either redone to use MySQL driver instead of MySQLi and work properly with PHP 5.3 or the PHP version maintained at 5.2.

Please note that the code worked previously with PHP 5.3 because both the PHP and MySQL versions were older and compatible. Currently some functions of your code appear to be deprecated.


XenForo developer
Staff member
The password system changed in MySQL in 4.1 if I recall. The last release of that was 2008. It seems totally insane to generate passwords in the old password format.

The MySQL driver in PHP is deprecated as well, and XenForo is completely not compatible with it. MySQLi actually uses (or can use) an entirely different protocol (binary vs string) and indeed that's needed for prepared statements. I'm pretty sure the MySQL driver can support the new password format as long as it's compiled against a server version that supports it.

If forcing PHP 5.2 works, then I'm afraid that's what you'd have to do. XenForo works with that, though PHP 5.2 is completely end of life'd and there are benefits that you would get with newer PHP versions (performance and security related).

I would probably recommend looking at a different host unless they have a way to use at least PHP 5.3 with non-deprecated options.